Last week it was revealed that more than two million Facebook, Twitter, and Gmail accounts may have been hacked in an international malware ploy. That bad news came on the heels of another privacy breach for Facebook-owned Instagram.

The controversy centers on InstLike, an app that promised more “likes” and followers. But the rogue app is suspected of hacking at least 100,000 Instagram users to gain access to passwords and other personal details. In effect, some say this turned unsuspecting app users into willing participants in a giant social botnet.

The security ramifications should make you think twice before downloading another app. In fact, these privacy violations should cause many to take a deeper look at why they even use Instagram, or Facebook, or any other online photo-sharing website.

“It’s just very interesting to see what length people will go to in order to get likes in their photos,” Satnam Narang, researcher for the security firm Symantec, told Mashable.

Here’s how the scam worked, according to the Mashable article:

“Users perhaps were naive to give up their passwords, but the app was sophisticated; it used a variety of ways to convince people to pay for virtual coins and spread the app.

The app allocated 20 free coins per day to users. One Like would cost you one coin and one follower cost 10 coins. After those 20 daily coins, a user had to buy more with real money. The minimum purchase of 100 coins would set you back just $1, and if you referred another user to InstLike, you received 50 free coins, encouraging users to recruit new players.

The app included an auto-Like feature that sent 500 Likes to pictures with common hashtags, in hopes of receiving Likes in return or follow-backs. For 20 coins, a user could purchase a one-day premium service that allowed him to send up to 1,500 Likes and customize the target hashtags.

Moreover, a user would get 20 free Likes if he used the hashtag #instlike_com in his own photo captions. A search on Instagram reveals that more than 500,000 photos already contain that hashtag.”

Instagram, which said the app violated its Terms of Use, stated that the company has “a team dedicated to stopping abuse on the service and enforcing our policies, including removing content that violates our terms.”

InstLike has been removed from Google Play and the App Store. Anyone who downloaded InstLike should change their password and then delete the app.

Security Tips

Here are five things you can do to help keep your Instagram account safe:

Pick a strong password: Use a combination of at least six numbers, letters, and punctuation marks (like ! and &).

Make sure your email account is secure.

Log out of Instagram when you use a shared computer or device.

Think before you authorize any third-party applications.

Never give anyone you do not know and trust your password.

Finally, think twice about what photos and videos you choose to share on social media.